Http Cgi Bin Percent Encoded Directory Traversal Bin Sh

HTTP request targeting /cgi-bin/ with repeated percent-encoded directory traversal sequences (%%32%65%%32%65 → ..) resolving to /bin/sh. Represents a traversal attempt using double-encoded dot segments to escape the CGI directory and invoke the system shell (/bin/sh) directly via the request path.

Observed IPs

1,414

Avg Confidence

84%

Protocol

HTTP

Top IPs by event count

IP Address	Risk	Events	Sessions	Country	ASN	Last Seen
82.165.66.87	100%	6,328	655	🇩🇪 DE	AS8560	2026-04-09
154.221.23.136	96%	3,776	3,746	🇸🇨 SC	AS142403	2026-04-06
101.36.104.242	100%	3,569	508	🇯🇵 JP	AS135377	2026-04-17
165.154.227.13	100%	2,993	196	🇹🇼 TW	AS142002	2026-02-25
61.245.11.87	100%	2,720	500	🇵🇭 PH	AS19970	2026-03-30
180.76.172.156	100%	2,667	1,022	🇨🇳 CN	AS38365	2026-04-17
103.40.61.98	100%	2,561	520	🇮🇳 IN	AS133700	2026-04-17
114.220.75.156	100%	2,422	991	🇨🇳 CN	AS4134	2026-04-17
128.199.103.139	100%	2,182	281	🇸🇬 SG	AS14061	2026-04-17
34.60.107.64	100%	2,151	151	🇺🇸 US	AS396982	2026-02-21
178.17.58.122	96%	2,037	1,995	🇩🇪 DE	AS215540	2026-02-18
217.154.69.208	100%	1,759	269	🇩🇪 DE	AS8560	2026-04-09
159.65.119.52	100%	1,724	336	🇩🇪 DE	AS14061	2026-03-17
47.85.49.48	99%	1,664	325	🇺🇸 US	AS45102	2026-02-26
103.232.121.71	100%	1,634	102	🇻🇳 VN	AS56150	2026-02-22
68.183.234.194	100%	1,581	613	🇺🇸 US	AS14061	2026-04-17
185.91.69.217	100%	1,565	727	🇬🇧 GB	AS201579	2026-04-09
101.36.107.228	100%	1,551	192	🇭🇰 HK	AS135377	2026-03-22
181.176.14.90	100%	1,508	190	🇵🇪 PE	AS262210	2026-04-06
222.89.169.98	100%	1,427	330	🇨🇳 CN	AS4134	2026-04-17